Geoffrey S. Mendelson wrote:

Shachar Shemesh wrote:


It can be secure. All you have to do is install an IPSec VPN on all machines participating in the network, and not let anyone who is not VPN authenticated get to either your internal network *or the internet*!



I am looking into the same thing as I have a guest coming for a few
months that prefers WiFi to an ethernet cable. He's bringing me an
"access point" ($40 in the states). I'm assuming it's incredibly dumb, basically an ethernet port on one side, and an antenna on the other, with
just enough logic to get the packets in and out. :-)


I was planning on taking an old PC and running Linux on it as a firewall.
To the outside world, I was going to open a DHCP server, ssh and whatever
port(s) the VPN uses.

Port 500 for IKE (I think you need UDP, and TCP is a Check Point extension), as well as IPSEC IP protocol (don't remember the protocol number). Sometimes you would also need to enable UDP (don't have the port number - just experiment) for what is called "UDP encapsulation IPSec".

He's a "good guy" so I'm not overly concerned what he can access locally,
but if I was, I'd turn off IP forwarding on the firewall, and only allow
him to access an HTTP proxy, DNS, SMTP and some sort of multilayer proxy
between the WiFirewall and the cable firewall for GAIM.


How would that stop a spammer parked outside your house from sending spam?

Geoff.



Shachar

--
Shachar Shemesh
Open Source integration consultant
Home page & resume - http://www.shemesh.biz/
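
Added example, not part of either poster's message: a shell function that prints an iptables-restore ruleset for the Linux box between the access point and the rest of the network, so that wireless clients reach only DHCP, ssh and the IPsec endpoint, and only packets that arrived through IPsec are forwarded. Assumptions: the access point is on eth1, the IKE daemon is configured separately, ESP is IP protocol 50, and UDP-encapsulated ESP (NAT-T) uses UDP port 4500.

```shell
#!/bin/sh
# Added example (not from the thread). Prints rules only; review them, then
# check with:  wifi_firewall_rules eth1 | iptables-restore --test
wifi_firewall_rules() {
    wifi_if="${1:-eth1}"   # assumption: interface the access point plugs into
    # Refuse names that could smuggle extra rule text into the output.
    case "$wifi_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to flows that were already allowed
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Open to any wireless client: DHCP, ssh, IKE
-A INPUT -i $wifi_if -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $wifi_if -p tcp --dport 22 -j ACCEPT
-A INPUT -i $wifi_if -p udp --dport 500 -j ACCEPT
# IPsec itself: ESP (IP protocol 50) and UDP-encapsulated ESP (UDP 4500)
-A INPUT -i $wifi_if -p esp -j ACCEPT
-A INPUT -i $wifi_if -p udp --dport 4500 -j ACCEPT
# Only packets that were decapsulated from an IPsec SA go any further
-A INPUT -i $wifi_if -m policy --dir in --pol ipsec -j ACCEPT
-A FORWARD -i $wifi_if -m policy --dir in --pol ipsec -j ACCEPT
# Anything else from the wireless side stops at this box
-A INPUT -i $wifi_if -j DROP
COMMIT
EOF
}
```

With FORWARD defaulting to DROP, a client that associates with the access point but has not completed IKE gets an address and nothing else.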


